+ A
A -
Tribune News Network
Doha
The Emir HH Sheikh Tamim bin Hamad al Thani on Thursday issued Law No. 13 of 2016 on the protection of personal data. The law is effective from its date of publication in the Official Gazette.
The law seeks to ensure the right to personal data protection. The data monitor or processor cannot process personal data without obtaining the consent of the individual unless it is necessary for achieving a legitimate purpose.
An individual can object to the processing of personal data if that is found to be unnecessary.
The individual may also delete, erase or correct his/her personal data. The individual may at any time access the personal data and request for a revision with the data monitor or processor.
The individual has the right to being notified about processing of personal data, the purpose for doing so and any disclosure about inaccurate information.
The individual can get a copy of the personal data after paying an amount which should not exceed the service fee.
The law stipulates that the data monitor or processor should process the personal data honestly and legitimately after taking into account designing, modifying, or developing the systems and services related to the processing of personal data.
The data monitor or processor must take necessary administrative and technical measures to protect personal data from loss, damage, modification, disclosure or being illegally accessed.
The measures are: review privacy protection measures before the inclusion of new process, identify the data analysts and train them on the protection of personal data, develop internal systems to receive and consider complaints and requests for access to data, report any breach of the procedures, use appropriate technological means to enable individuals to exercise their right of access to directly review and correct their personal data, conduct audits and comprehensive review of the extent of commitment to the protection of personal data.
The data analyst must notify the monitor or processor of the existence of any defect or threat to personal data.
According to the provisions of the law, the data monitor or processor shall not take any decision or action that would reduce the flow of personal data across borders unless the processing of such data breaches the provisions of this law or that it would cause damage to personal data or the privacy of the individual.
The owner or operator of any website related to children must put a notice on the website about children's data, how to use them and the policies adopted for disclosure. The owner or operator of the website is required to get consent of the parent of the child whose data is being processed.
The competent authority can process some personal data without being bound by the provisions of this law for the protection of national security or public security, protection of international relations of the country, protection of economic or financial state of the country, prevention of any crime or collection of information on a crime or and investigation of a crime.
Article 22 of the law bans electronic communications sent for direct marketing purposes without consent of the individual.
The fines for violation of the law range between QR1 million and QR5 million.
The provisions of this law will apply to personal data when it is electronically processed or when it is obtained, collected or extracted in preparation for processing or when its is processed through a combination of electronic and traditional processing.
Provisions of this law do not apply to personal data by which individuals process family data in order to obtain official statistical data.
